When Suricata 7.0.9 outputs alert logs in eve.json, how can one know which part of the packet’s keyword was matched by the rule?